Lucene search
K

118 matches found

Packet Storm
Packet Storm
added 2014/12/31 12:0 a.m.59 views

Osclass 3.4.2 Local File Inclusion

-------------------------------------------------------------- Osclass getRoutes; 228. $rid = Params::getParam'route'; 229. $file = '../'; 230. ifisset$routes$rid && isset$routes$rid'file' 231. $file = $routes$rid'file'; 232. 233. else 234. // DEPRECATED: Disclosed path in URL is deprecated, use...

7.5CVSS6.7AI score0.03249EPSS
Exploits2
Packet Storm
Packet Storm
added 2014/12/31 12:0 a.m.75 views

Osclass 3.4.2 Shell Upload

--------------------------------------------------------------------- Osclass redirectTo osccontacturl ; 107. 108. 109. if !moveuploadedfile$tmpName, $path 110. unset$path; 111. 112. 113. The vulnerability exists because of the "CWebContact::doModel" method not properly verifying the extension of...

6.8CVSS6.7AI score0.02514EPSS
Exploits2
Packet Storm
Packet Storm
added 2014/12/31 12:0 a.m.50 views

Osclass 3.4.2 SQL Injection

------------------------------------------------------------------- Osclass = 3.4.2 Search::setJsonAlert SQL Injection Vulnerability ------------------------------------------------------------------- - Software Link: http://osclass.org/ - Affected Versions: Version 3.4.2 and probably prior...

7.5CVSS0.2AI score0.02356EPSS
Exploits2
NVD
NVD
added 2014/10/20 2:55 p.m.28 views

CVE-2014-6308

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter in a render action to oc-admin/index.php...

5CVSS6.5AI score0.2226EPSS
Exploits6References5
NVD
NVD
added 2014/10/20 2:55 p.m.28 views

CVE-2014-6280

Multiple cross-site scripting XSS vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 action or 2 nsextt parameter to oc-admin/index.php or the 3 nsextt parameter in an itemsreported action to oc-admin/index.php...

4.3CVSS6.1AI score0.01892EPSS
Exploits2References5
Prion
Prion
added 2014/10/20 2:55 p.m.20 views

Directory traversal

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter in a render action to oc-admin/index.php...

5CVSS7AI score0.2226EPSS
Exploits6References5Affected Software1
Prion
Prion
added 2014/10/20 2:55 p.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 action or 2 nsextt parameter to oc-admin/index.php or the 3 nsextt parameter in an itemsreported action to oc-admin/index.php...

4.3CVSS6AI score0.01892EPSS
Exploits2References5Affected Software1
CVE
CVE
added 2014/10/20 2:0 p.m.78 views

CVE-2014-6308

OSClass before 3.4.2 is affected by a directory traversal/LFI via .. in the file parameter of oc-admin/index.php (render action), allowing reading arbitrary server files. Affected: 3.4.1 and earlier; fixed in 3.4.2 ( Netsparker NS-14-031; PoC shows /oc-admin/index.php?page=appearance&action=rende...

5CVSS6.6AI score0.2226EPSS
Exploits6References5Affected Software1
Cvelist
Cvelist
added 2014/10/20 2:0 p.m.31 views

CVE-2014-6308

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter in a render action to oc-admin/index.php...

6.5AI score0.2226EPSS
Exploits6References5
Cvelist
Cvelist
added 2014/10/20 2:0 p.m.36 views

CVE-2014-6280

Multiple cross-site scripting XSS vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 action or 2 nsextt parameter to oc-admin/index.php or the 3 nsextt parameter in an itemsreported action to oc-admin/index.php...

6.1AI score0.01892EPSS
Exploits2References5
CVE
CVE
added 2014/10/20 2:0 p.m.62 views

CVE-2014-6280

CVE-2014-6280 affects OsClass prior to 3.4.2, with multiple XSS vulnerabilities that can be triggered via oc-admin/index.php by manipulating parameters (action, nsextt) and within items_reported action when using nsextt. The vulnerability arises in OsClass before 3.4.2, allowing remote attackers ...

4.3CVSS6AI score0.01892EPSS
Exploits2References5Affected Software1
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.148 views

Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280

Information ------------ Advisory by Netsparker. Name: XSS Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Cross-site Scripting Severity : Critical CVE-ID: CVE-2014-6280 Netsparker Advisory...

4.3CVSS7.2AI score0.01892EPSS
Exploits2
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.81 views

Osclass Security Advisory - LFI Vulnerability - CVE-2014-6308

Information ----------- Advisory by Netsparker. Name : LFI Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Local File Inclusion Severity : Critical CVE-ID: CVE-2014-6308 Netsparker Advisory...

5CVSS7.4AI score0.2226EPSS
Exploits6
seebug.org
seebug.org
added 2014/09/29 12:0 a.m.14 views

OsClass 3.4.1 (index.php, file param) - Local File Inclusion

No description provided by source...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/09/25 12:0 a.m.84 views

OsClass 3.4.1 (index.php, file param) - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Information ----------- Advisory by Netsparker. Name : LFI Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Local File Inclusion Severit...

5CVSS6.6AI score0.2226EPSS
Exploits6
exploitpack
exploitpack
added 2014/09/25 12:0 a.m.32 views

OSClass 3.4.1 - index.php Local File Inclusion

OSClass 3.4.1 - index.php Local File Inclusion Information ----------- Advisory by Netsparker. Name : LFI Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Local File Inclusion Severity :...

5CVSS6.6AI score0.2226EPSS
Exploits6
Exploit DB
Exploit DB
added 2014/09/25 12:0 a.m.51 views

OSClass 3.4.1 - 'index.php' Local File Inclusion

Information ----------- Advisory by Netsparker. Name : LFI Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Local File Inclusion Severity : Critical CVE-ID: CVE-2014-6308 Netsparker Advisory...

5CVSS6.6AI score0.2226EPSS
Exploits6
Packet Storm
Packet Storm
added 2014/09/17 12:0 a.m.43 views

OsClass 3.4.1 Cross Site Scripting

Information ------------ Advisory by Netsparker. Name: XSS Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Cross-site Scripting Severity : Critical CVE-ID: CVE-2014-6280 Netsparker Advisory...

4.3CVSS6.3AI score0.01892EPSS
Exploits2
Packet Storm
Packet Storm
added 2014/09/17 12:0 a.m.41 views

OsClass 3.4.1 Local File Inclusion

Information ----------- Advisory by Netsparker. Name : LFI Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Local File Inclusion Severity : Critical CVE-ID: CVE-2014-6308 Netsparker Advisory...

5CVSS6.6AI score0.2226EPSS
Exploits6
Packet Storm
Packet Storm
added 2013/12/14 12:0 a.m.37 views

Osclass 3.3 Cross Site Request Forgery / SQL Injection / Traversal

=-=-=-=-=-=-=-=-=-=-=-=-=-=-In The Name Of Allah The Mercifull-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Vendor: http://osclass.org + Software:Osclass + Version : 3.3 author: R3d-D3v!L + TEAM: ABH ? contact: Xathotmail.co.jp - ? Date: 14.d3c.2ol3 ? T!ME: 04:54 am GMT ? Home: soon ^ ?...

0.1AI score
Exploits0
Rows per page
Query Builder